T-002: Vulnerability in Host INtegration Server RPC Service
A remote code execution vulnerability exists in the SNA Remote Procedure Call (RPC) service for Host Integration Server. An attacker could exploit the vulnerability by constructing a specially crafted RPC request. The risk is HIGH. The vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Hello!
I have a Linux nfs server (called server100 below) with a export nfs. My problem is that the Solaris client (called client100 below) doesn't seems to like it. In the Solaris syslog I got following messages (and after a while the solaris client behave liked its hanged/to buzy). Also see... (3 Replies)
JSON::RPC(3pm) User Contributed Perl Documentation JSON::RPC(3pm)NAME
JSON::RPC - Perl implementation of JSON-RPC 1.1 protocol
DESCRIPTION
JSON-RPC is a stateless and light-weight remote procedure call (RPC)
protocol for inter-networking applications over HTTP. It uses JSON
as the data format for of all facets of a remote procedure call,
including all application data carried in parameters.
quoted from <http://json-rpc.org/wd/JSON-RPC-1-1-WD-20060807.html>.
This module was in JSON package on CPAN before. Now its interfaces was completely changed.
The old modules - JSONRPC::Transport::HTTP and Apache::JSONRPC are deprecated. Please try to use JSON::RPC::Server and JSON::RPC::Client
which support both JSON-RPC protocol version 1.1 and 1.0.
EXAMPLES
CGI version.
#--------------------------
# In your application class
package MyApp;
use base qw(JSON::RPC::Procedure); # Perl 5.6 or more than
sub echo : Public { # new version style. called by clients
# first argument is JSON::RPC::Server object.
return $_[1];
}
sub sum : Public(a:num, b:num) { # sets value into object member a, b.
my ($s, $obj) = @_;
# return a scalar value or a hashref or an arryaref.
return $obj->{a} + $obj->{b};
}
sub a_private_method : Private {
# ... can't be called by client
}
sub sum_old_style { # old version style. taken as Public
my ($s, @arg) = @_;
return $arg[0] + $arg[1];
}
#--------------------------
# In your triger script.
use JSON::RPC::Server::CGI;
use MyApp;
# simple
JSON::RPC::Server::CGI->dispatch('MyApp')->handle();
# or
JSON::RPC::Server::CGI->dispatch([qw/MyApp FooBar/])->handle();
# or INFO_PATH version
JSON::RPC::Server::CGI->dispatch({'/Test' => 'MyApp'})->handle();
#--------------------------
# Client
use JSON::RPC::Client;
my $client = new JSON::RPC::Client;
my $uri = 'http://www.example.com/jsonrpc/Test';
my $obj = {
method => 'sum', # or 'MyApp.sum'
params => [10, 20],
};
my $res = $client->call( $uri, $obj )
if($res){
if ($res->is_error) {
print "Error : ", $res->error_message;
}
else {
print $res->result;
}
}
else {
print $client->status_line;
}
# or
$client->prepare($uri, ['sum', 'echo']);
print $client->sum(10, 23);
See to JSON::RPC::Server::CGI, JSON::RPC::Server::Daemon, JSON::RPC::Server::Apache JSON::RPC::Client and JSON::RPC::Procedure.
ABOUT NEW VERSION
supports JSON-RPC protocol v1.1
TODO
Document
Examples
More Tests
AUTHOR
Makamaka Hannyaharamitu, <makamaka[at]cpan.org>
COPYRIGHT AND LICENSE
Copyright 2007-2008 by Makamaka Hannyaharamitu
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
perl v5.10.1 2008-09-01 JSON::RPC(3pm)